Adjust a couple of the limits for fuzzing.
Change-Id: Ia440676c8878a4bee6543313e9c8c1ed05cb6c38
Reviewed-on: https://code-review.googlesource.com/32590
Reviewed-by: Paul Wankadia <junyer@google.com>
diff --git a/re2/fuzzing/re2_fuzzer.cc b/re2/fuzzing/re2_fuzzer.cc
index 5d2820b..1ff2327 100644
--- a/re2/fuzzing/re2_fuzzer.cc
+++ b/re2/fuzzing/re2_fuzzer.cc
@@ -56,7 +56,7 @@
// Entry point for libFuzzer.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- if (size == 0 || size > 512)
+ if (size == 0 || size > 999)
return 0;
// Crudely limit the use of \p and \P.
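Review bot: The new bound in `if (size == 0 || size > 999)` is a bare literal with no comment on why this value was chosen. A named constant such as `static const size_t kMaxInputSize = 999;` with a one-line rationale would make later tuning easier to review. If the harness is run with libFuzzer's `-max_len`, that value should agree with this cap, otherwise the engine keeps generating inputs that are discarded here. LLVMFuzzerTestOneInput continues past the end of this hunk.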
@@ -67,10 +67,15 @@
// counted repetition is involved - whereas the marginal benefit is zero.
int backslash_p = 0;
for (size_t i = 0; i < size; i++) {
- if (data[i] == '\\' && i+1 < size && (data[i+1] == 'p' || data[i+1] == 'P'))
+ if (data[i] != '\\')
+ continue;
+ i++;
+ if (i >= size)
+ break;
+ if (data[i] == 'p' || data[i] == 'P')
backslash_p++;
}
- if (backslash_p > 10)
+ if (backslash_p > 1)
return 0;
// The one-at-a-time hash by Bob Jenkins.
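Review bot: The `i++` inside the scanning loop has no comment saying that it consumes the escaped byte, which is why an escaped backslash followed by a literal `p` is no longer counted as `\p`. I would add `// Skip the byte after a backslash so an escaped backslash followed by 'p' is not counted.` above the `i++`, since modifying the loop index in the body is easy to misread. The new check `backslash_p > 1` also drops every input with two or more `\p`/`\P` escapes, so the comment above the loop should state that this coverage trade-off is intended. The function body continues past the end of the hunk.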